avast detects JS:Iframe-EGI [Trj] on this site!

See: https://www.virustotal.com/nb/url/be1d5fb432372e96532a47f0cb4b745c9fa4b47ee0f184b680dc975e0d3d88a5/analysis/1419352535/
& http://killmalware.com/faxmobilethailand.com/
Blacklisted and with malware: http://sitecheck.sucuri.net/results/www.faxmobilethailand.com
Known javascript malware. Details: http://sucuri.net/malware/malware-entry-mwblacklisted35?v18
document.body.appendChild(divTag);
System Details:
Running on: Apache/2
Powered by: PHP/5.3.24

Web application details:
Application: Joomla! 1.5 - Open Source Content Management - http://www.joomla.org

Web application version:
Joomla Version 1.5.18 - 1.5.26 for: htxp://www.faxmobilethailand.com/media/system/js/caption.js
Joomla Version 1.5.18 to 1.5.26 for: htxp://www.faxmobilethailand.com/language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5
6 filers potentially suspicious: http://quttera.com/detailed_report/www.faxmobilethailand.com
IP found in database: http://www.abuseipdb.com/check/203.150.230.18 & http://anti-hacker-alliance.com/index.php?details=203.150.230.18
& https://www.virustotal.com/nb/ip-address/203.150.230.18/information/
Avast furthermore detects HTML:Iframe-ZG [Trj] from IP.
Completely and utterly missed here: http://www.reputationauthority.org/domain_lookup.php?ip=faxmobilethailand.com&Submit.x=15&Submit.y=8&Submit=Search
Suspicious external element: htxp://www.2n.cz/en/products/gsm-gateways/analog/easygate/

pol

Just do a search query on https://www.google.nl/search?q=eval(function(p%2Ca%2Cc%2Ck%2Ce%2Cd){e%3Dfunction(c){return(c<a%3F''%3Ae(parseInt(c%2Fa)))%2B((c%3Dc%25a)%3E35%3FString.fromCharCode(c%2B29)%3Ac.toString(36))%7D%3Bwhile(c–)%7Bif(k%5Bc%5D)%7Bp%3Dp.replace(new+RegExp(%27%5C%5Cb%27%2Be(c)%2B%27%5C%5Cb%27%2C%27g%27)%2Ck%5Bc%5D)%7D%7Dreturn+p%7D&oq=eval(function(p%2Ca%2Cc%2Ck%2Ce%2Cd)%7Be%3Dfunction(c)%7Breturn(c%3Ca%3F%27%27%3Ae(parseInt(c%2Fa)))%2B((c%3Dc%25a)%3E35%3FString.fromCharCode(c%2B29)%3Ac.toString(36))%7D%3Bwhile(c–)%7Bif(k%5Bc%5D)%7Bp%3Dp.replace(new+RegExp(%27%5C%5Cb%27%2Be(c)%2B%27%5C%5Cb%27%2C%27g%27)%2Ck%5Bc%5D)%7D%7Dreturn+p%7D&aqs=chrome…69i57&sourceid=chrome&es_sm=93&ie=UTF-8 etc. etc.
and read via links how to make javascript more complex and decrypted hidden rogue packed code → http://aw-snap.info/articles/js-examples.php

Use this: http://www.strictly-software.com/unpack-javascript (mind two different scripts may have come to interplay!).
Or this: http://www.greymagic.com/security/tools/decoder/decoder.asp

polonus